0517e77fad272c4e051e8a5656256719_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0517e77fad272c4e051e8a5656256719_JaffaCakes118
Size

111KB
MD5

0517e77fad272c4e051e8a5656256719
SHA1

99ddf2fd751a690687c118fa727aa3e50eea1d48
SHA256

c5e0c62500575c2045fb05632f67bbe39045254b79ffb30e4da4ebe459c336da
SHA512

65aa4a4400309c00bc51f6e3abd2b6c83a0674124c6d08911f9a949edba77193d672e0f57f7fa53b3f72a9ba6b9a40c5186193f89908e09703dc0de7758dc6f7
SSDEEP

3072:iYhGZTuxQ3TvL4ZSDBqNmWtE+43zblaQJmY8BquwPmNwmtNX:fzQjvEDmWy+4DnmYiqu4mNbtNX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0517e77fad272c4e051e8a5656256719_JaffaCakes118

Files

0517e77fad272c4e051e8a5656256719_JaffaCakes118
.exe windows:5 windows x86 arch:x86

351f0ec58faf7de23c3efccfd349491e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingFree
RpcImpersonateClient

crypt32

CertOpenStore
CryptUnprotectData
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegDeleteKeyW
RegSetValueExA
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegCloseKey
RegEnumValueA
CryptSetProviderA
RegEnumKeyExA
CryptAcquireContextA
RegEnumValueW
RegQueryValueExW
CryptSignHashA
RegDeleteValueA
RegEnumKeyExW
CryptVerifySignatureA
RegCreateKeyExW
RegDeleteValueW

comdlg32

PrintDlgA
GetOpenFileNameA

ws2_32

WSARecvFrom
WSALookupServiceNextW
WSAAddressToStringA
WSAEventSelect
getnameinfo
WSALookupServiceEnd
getaddrinfo
WSAAddressToStringW
WSASendTo
WSASocketW
WSALookupServiceBeginW
freeaddrinfo
WSAIoctl
WSAStringToAddressA

shell32

ShellExecuteW
Shell_NotifyIconW

msvcrt

_itow
_ultoa
_wcsnicmp
wcschr
_except_handler3
wcslen
_snwprintf
sprintf
bsearch
__dllonexit
free
isdigit
_ltoa
_wcsicmp
_adjust_fdiv
_onexit
strtoul
wcscat
strncmp
strncpy
_initterm
atol
isxdigit
wcscpy
_ltow
wcscmp

kernel32

HeapDestroy
CopyFileW
GetOEMCP
GetEnvironmentStrings
HeapSize
InterlockedExchange
WritePrivateProfileStringW
GetCurrentProcess
GetCurrentThread
SystemTimeToFileTime
GetShortPathNameW
GetCommandLineW
FreeResource
ResumeThread
SizeofResource
SuspendThread
GetFileSize
IsDebuggerPresent
SetCurrentDirectoryA
lstrcpyA
CreateThread
VirtualAlloc
GetCPInfo
DeleteFileW
LocalAlloc
EnterCriticalSection
CreateEventW
SetFileTime
GlobalLock
TlsGetValue
LockFile
GetStartupInfoW
UnhandledExceptionFilter
FindResourceW
MoveFileW
HeapCreate
TerminateProcess
ExitProcess
FormatMessageW
FlushFileBuffers
DeleteCriticalSection
lstrcmpiW
GetSystemInfo
FindFirstFileW
GetUserDefaultLCID
lstrlenA
FileTimeToSystemTime
FindNextFileW
GetDriveTypeW
HeapFree
GlobalDeleteAtom
WaitForSingleObject
SetThreadPriority
GlobalSize
LoadLibraryA
InterlockedDecrement
MulDiv
FindClose
ConvertDefaultLocale
WideCharToMultiByte
TlsAlloc
CreateFileW
DuplicateHandle
HeapReAlloc
FileTimeToLocalFileTime
GetCurrentThreadId
GetModuleFileNameW
CompareStringW
SetErrorMode
GetEnvironmentStringsW
SetHandleCount
lstrlenW
LeaveCriticalSection
GetFileAttributesA
GetFullPathNameW
CompareStringA
GlobalAddAtomW
InitializeCriticalSection
GetAtomNameW
IsValidCodePage
GetFileTime
GetModuleHandleA
TlsSetValue
SetLastError
LockResource
GetCurrentProcessId
LocalReAlloc
ExitThread
HeapAlloc
GetStringTypeExW
WriteFile
GlobalReAlloc
SetFileAttributesW
Sleep
InterlockedIncrement
lstrcmpW
GetVersionExA
GlobalAlloc
SetEvent
FreeEnvironmentStringsA
GetStdHandle
UnlockFile
SetEndOfFile
EnumResourceLanguagesW
LocalFileTimeToFileTime
GlobalFlags
GetCommandLineA
GlobalUnlock
SetFilePointer
GlobalGetAtomNameW
GetVersion
GetThreadLocale
GetLocaleInfoW
TlsFree
GetLastError
GetPrivateProfileIntW
GlobalFindAtomW
GetProcessHeap
FreeEnvironmentStringsW
LCMapStringA
CreateProcessW
GlobalHandle
GlobalFree
SetUnhandledExceptionFilter
GetACP
CloseHandle
FatalAppExitA
GetVersionExW
GetPrivateProfileStringW
GetCurrentDirectoryA
LCMapStringW
RaiseException
GetVolumeInformationW
LoadResource
RtlUnwind
ReadFile
VirtualFree
ResetEvent
lstrcmpA
GetFileAttributesW

comctl32

ImageList_Draw
CreateToolbarEx
ImageList_GetIconSize
ImageList_Destroy
CreatePropertySheetPageW
PropertySheetW
InitCommonControlsEx

dnsapi

DnsReplaceRecordSetW
DnsValidateName_W
DnsApiFree

wmi

WmiNotificationRegistrationW

Sections

.data
Size: 4KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

351f0ec58faf7de23c3efccfd349491e

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

crypt32

advapi32

comdlg32

ws2_32

shell32

msvcrt

kernel32

comctl32

dnsapi

wmi

Sections

.data Size: 4KB - Virtual size: 200KB

.rsrc Size: 53KB - Virtual size: 52KB

.rdata Size: 18KB - Virtual size: 17KB

.text Size: 35KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 200KB

.rsrc
Size: 53KB - Virtual size: 52KB

.rdata
Size: 18KB - Virtual size: 17KB

.text
Size: 35KB - Virtual size: 35KB